use of javax.security.jacc.WebResourcePermission in project Payara by payara.
the class JaccWebAuthorizationManager method isPermitAll.
/**
 * Reports whether the resource targeted by the request is accessible without regard to the caller.
 *
 * <p>A <code>WebResourcePermission</code> is built for the request and first looked up in the
 * unchecked-permission cache, when one is present. If the cache is absent or does not grant the
 * permission, the decision falls through to <code>checkPermissionWithoutCache</code>, which is
 * called with <code>null</code> in place of a principal set.
 *
 * @param request the request whose target resource is evaluated
 * @return true if the permission is granted by either check, false otherwise
 */
public boolean isPermitAll(HttpServletRequest request) {
    WebResourcePermission requestedPermission = createWebResourcePermission(request);

    // Fast path: a hit in the unchecked cache already answers the question.
    if (uncheckedPermissionCache != null && uncheckedPermissionCache.checkPermission(requestedPermission)) {
        return true;
    }

    // A cache miss is not a denial; the policy is consulted directly.
    // NOTE(review): the null second argument presumably means "no caller principals" - confirm
    // against checkPermissionWithoutCache, since this result decides unauthenticated access.
    return checkPermissionWithoutCache(requestedPermission, null);
}
use of javax.security.jacc.WebResourcePermission in project Payara by payara.
the class JaccWebAuthorizationManager method hasResourcePermission.
/**
 * Perform access control based on the <code>HttpServletRequest</code>. Return <code>true</code> if this constraint is
 * satisfied and processing should continue, or <code>false</code> otherwise.
 *
 * <p>The permission built for the request is checked against the principal set of the security context
 * obtained for <code>servletRequest.getUserPrincipal()</code>. That context is installed with
 * <code>SecurityContext.setCurrent</code> after the check, whether access was granted or denied, and the
 * outcome is handed to <code>recordWebInvocation</code>.
 *
 * @param servletRequest the request whose target resource is being checked
 * @return true if the resource is granted, false if denied
 */
public boolean hasResourcePermission(HttpServletRequest servletRequest) {
    SecurityContext callerContext = getSecurityContext(servletRequest.getUserPrincipal());
    WebResourcePermission requestedPermission = createWebResourcePermission(servletRequest);

    // The request is registered for JACC before the policy check runs.
    // NOTE(review): presumably so policy context handlers can reach it during the check - confirm.
    setServletRequestForJACC(servletRequest);

    boolean isGranted = checkPermission(requestedPermission, callerContext.getPrincipalSet());
    SecurityContext.setCurrent(callerContext);

    // The decision and the evaluated permission are only logged at FINE.
    if (logger.isLoggable(FINE)) {
        logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", isGranted);
        logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", requestedPermission);
    }

    // Both grants and denials are recorded.
    recordWebInvocation(servletRequest, RESOURCE, isGranted);
    return isGranted;
}
use of javax.security.jacc.WebResourcePermission in project Payara by payara.
the class JDKPolicyFileWrapper method removeExcludedPermissions.
// Returns the granted permissions with every permission covered by the excluded policy filtered out.
//
// The argument collection is returned unchanged when there is no excluded policy, when the excluded
// policy is empty, or when nothing had to be removed. Otherwise the survivors are copied into a fresh
// Permissions instance, so the concrete type of the argument PermissionCollection is not preserved.
// Should find a way to do this that preserves the argument PermissionCollection; safe for now, because
// only EJBMethodPermission, WebResourcePermission, and WebUserDataPermission are excluded, and none of
// these classes implement a custom collection.
//
// NOTE(review): when every granted permission is excluded, no replacement collection is ever created
// and the method returns null rather than an empty collection - callers must handle null.
private static PermissionCollection removeExcludedPermissions(PolicyConfigurationImpl policyConfiguration, PermissionCollection permissions) {
    Permissions excluded = getExcludedPolicy(policyConfiguration);

    // Nothing is excluded: the input is handed back as is.
    if (excluded == null || !excluded.elements().hasMoreElements()) {
        return permissions;
    }

    PermissionCollection survivors = null;
    boolean anyRemoved = false;

    for (Permission granted : list(permissions.elements())) {
        if (grantedIsExcluded(granted, excluded)) {
            anyRemoved = true;
            continue;
        }

        // The replacement collection is created lazily, on the first surviving permission.
        if (survivors == null) {
            survivors = new Permissions();
        }
        survivors.add(granted);
    }

    // The original collection is preferred when filtering changed nothing.
    return anyRemoved ? survivors : permissions;
}
use of javax.security.jacc.WebResourcePermission in project tomee by apache.
the class TomcatSecurityConstaintsToJaccPermissionsTransformer method buildPermissions.
/**
 * Translates the collected URL patterns into JACC permissions on <code>policyContext</code>.
 *
 * <p>Excluded patterns become excluded permissions, per-role patterns become role permissions, and
 * everything else is accumulated in <code>uncheckedResourcePatterns</code> and
 * <code>uncheckedUserPatterns</code> before being emitted as unchecked permissions at the end.
 * Unchecked permissions are granted regardless of caller identity, so any pattern/HTTP-method
 * combination that reaches those accumulators is reachable without authentication.
 */
private void buildPermissions() {
    // Excluded patterns: both the resource and the user-data permission go to the excluded set.
    for (URLPattern pattern : excludedPatterns.values()) {
        String name = pattern.getQualifiedPattern(allSet);
        String actions = pattern.getMethods();
        policyContext.getExcludedPermissions().add(new WebResourcePermission(name, actions));
        policyContext.getExcludedPermissions().add(new WebUserDataPermission(name, actions));
    }
    // Role-constrained patterns: the resource permission is tied to the role, while the
    // pattern's methods and transport are accumulated for an unchecked WebUserDataPermission.
    for (Map.Entry<String, Map<String, URLPattern>> entry : rolesPatterns.entrySet()) {
        // Patterns are qualified against this role's own pattern set, not against allSet.
        Set<URLPattern> currentRolePatterns = new HashSet<URLPattern>(entry.getValue().values());
        for (URLPattern pattern : entry.getValue().values()) {
            String name = pattern.getQualifiedPattern(currentRolePatterns);
            String actions = pattern.getMethods();
            WebResourcePermission permission = new WebResourcePermission(name, actions);
            policyContext.addRole(entry.getKey(), permission);
            HTTPMethods methods = pattern.getHTTPMethods();
            int transportType = pattern.getTransport();
            addOrUpdatePattern(uncheckedUserPatterns, name, methods, transportType);
        }
    }
    // Patterns without an auth constraint: the resource entry is recorded with URLPattern.NA as
    // transport, the user-data entry with the pattern's own transport.
    for (URLPattern pattern : uncheckedPatterns.values()) {
        String name = pattern.getQualifiedPattern(allSet);
        HTTPMethods methods = pattern.getHTTPMethods();
        addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
        int transportType = pattern.getTransport();
        addOrUpdatePattern(uncheckedUserPatterns, name, methods, transportType);
    }
    /*
     * A <code>WebResourcePermission</code> and a
     * <code>WebUserDataPermission</code> must be instantiated for each
     * <tt>url-pattern</tt> in the deployment descriptor and the default
     * pattern "/", that is not combined by the
     * <tt>web-resource-collection</tt> elements of the deployment
     * descriptor with every HTTP method value. The permission objects must
     * be constructed using the qualified pattern as their name and with
     * actions defined by the subset of the HTTP methods that do not occur
     * in combination with the pattern. The resulting permissions must
     * be added to the unchecked policy statements by calling the
     * <code>addToUncheckedPolicy</code> method on the
     * <code>PolicyConfiguration</code> object.
     *
     * Security note: the HTTP methods a constraint does not name for a
     * pattern therefore end up unchecked, i.e. not protected by that
     * constraint.
     */
    for (URLPattern pattern : allSet) {
        String name = pattern.getQualifiedPattern(allSet);
        HTTPMethods methods = pattern.getComplementedHTTPMethods();
        // Every method is already covered for this pattern, so there is no complement to add.
        if (methods.isNone()) {
            continue;
        }
        addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
        addOrUpdatePattern(uncheckedUserPatterns, name, methods, URLPattern.NA);
    }
    // The default pattern "/" is synthesized when the descriptor did not declare it.
    if (!allMap.containsKey("/")) {
        URLPattern pattern = new URLPattern("/", Collections.<String>emptySet(), false);
        String name = pattern.getQualifiedPattern(allSet);
        // NOTE(review): unlike the loop above there is no isNone() check here; presumably the
        // complement of an empty method set is never "none" - confirm against HTTPMethods.
        HTTPMethods methods = pattern.getComplementedHTTPMethods();
        addOrUpdatePattern(uncheckedResourcePatterns, name, methods, URLPattern.NA);
        addOrUpdatePattern(uncheckedUserPatterns, name, methods, URLPattern.NA);
    }
    // Create the uncheckedPermissions for WebResourcePermissions
    for (UncheckedItem item : uncheckedResourcePatterns.keySet()) {
        HTTPMethods methods = uncheckedResourcePatterns.get(item);
        String actions = URLPattern.getMethodsWithTransport(methods, item.getTransportType());
        policyContext.getUncheckedPermissions().add(new WebResourcePermission(item.getName(), actions));
    }
    // Create the uncheckedPermissions for WebUserDataPermissions
    for (UncheckedItem item : uncheckedUserPatterns.keySet()) {
        HTTPMethods methods = uncheckedUserPatterns.get(item);
        String actions = URLPattern.getMethodsWithTransport(methods, item.getTransportType());
        policyContext.getUncheckedPermissions().add(new WebUserDataPermission(item.getName(), actions));
    }
}
use of javax.security.jacc.WebResourcePermission in project Payara by payara.
the class MapValue method handleRoles.
/**
 * Adds the <code>WebResourcePermission</code>s for one URL pattern to the per-role permission map.
 *
 * <p>Roles attached to the constraint on the omitted methods receive a permission whose actions
 * are an exception list (<code>"!" + methods</code>), or <code>null</code> actions when no method
 * remains to be listed. All other roles receive a permission naming exactly the methods recorded
 * for them in the role map.
 *
 * @param map role name to permissions, updated through <code>addToRoleMap</code>
 * @param m the constraint data for the pattern
 * @param name the name used for every permission created here
 */
static void handleRoles(HashMap<String, Permissions> map, MapValue m, String name) {
    HashMap<String, BitSet> methodsByRole = m.getRoleMap();
    List<String> omittedMethodRoles = null;

    // Roles for the omitted methods: only when that constraint is not excluded and requires auth.
    if (!m.otherConstraint.isExcluded() && m.otherConstraint.isAuthConstrained()) {
        omittedMethodRoles = m.otherConstraint.roleList;
        for (String role : omittedMethodRoles) {
            // NOTE(review): the set returned by getMethodSet() is modified in place below; this
            // assumes every call returns a fresh BitSet - confirm.
            BitSet listedMethods = m.getMethodSet();

            // Methods explicitly granted to this role are dropped from the exception list.
            BitSet explicitForRole = methodsByRole.get(role);
            if (explicitForRole != null) {
                listedMethods.andNot(explicitForRole);
            }

            String actions = listedMethods.isEmpty() ? null : "!" + MethodValue.getActions(listedMethods);
            addToRoleMap(map, role, new WebResourcePermission(name, actions));
        }
    }

    // Explicit methods: nothing to do when the pattern names none.
    BitSet explicitMethods = m.getMethodSet();
    if (explicitMethods.isEmpty()) {
        return;
    }

    for (Map.Entry<String, BitSet> roleEntry : methodsByRole.entrySet()) {
        String role = roleEntry.getKey();

        // Roles already handled through the omitted-method constraint are skipped.
        if (omittedMethodRoles != null && omittedMethodRoles.contains(role)) {
            continue;
        }

        BitSet grantedMethods = roleEntry.getValue();
        if (!grantedMethods.isEmpty()) {
            String actions = MethodValue.getActions(grantedMethods);
            addToRoleMap(map, role, new WebResourcePermission(name, actions));
        }
    }
}